package com.microsoft.mmx.agents.ypp.authclient.crypto;

import Microsoft.Windows.MobilityExperience.Health.Agents.CryptoJwtGenerationActivity;
import Microsoft.Windows.MobilityExperience.Health.Agents.NonceJwtGenerationActivity;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import com.microsoft.mmx.agents.AgentsLogger;
import com.microsoft.mmx.agents.logging.ILogger;
import com.microsoft.mmx.agents.logging.LogDestination;
import com.microsoft.mmx.agents.logging.TraceContext;
import com.microsoft.mmx.agents.util.TelemetryUtils;
import com.microsoft.mmx.agents.ypp.authclient.utils.AuthTelemetryUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.logging.ContentProperties;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jose.jwk.Curve;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import javax.inject.Inject;
import net.minidev.json.JSONObject;
import org.joda.time.DateTime;

/* loaded from: classes2.dex */
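/**
 * Creates and consumes compact-serialized JWS tokens for the auth client.
 *
 * <p>Tokens produced here are signed with ECDSA over P-384 (ES384) and carry {@code exp} and
 * {@code nbf} claims derived from {@link PlatformConfiguration}. Tokens consumed here are parsed
 * with Nimbus JOSE; only {@link #verifyAndGetDataFromJwt} checks a signature.
 *
 * <p>Method names {@code a} and {@code b} are obfuscated; the telemetry labels they emit
 * ("getNonceJwt", "getSignedJwtWithIssuer") suggest their original names.
 */
public class JwtHelper {
    private static final String TAG = "JwtHelper";
    private final ILogger logger;
    private final PlatformConfiguration platformConfiguration;
    private final AgentsLogger telemetry;

    @Inject
    public JwtHelper(@NonNull PlatformConfiguration platformConfiguration, @NonNull AgentsLogger agentsLogger, @NonNull ILogger iLogger) {
        this.platformConfiguration = platformConfiguration;
        this.telemetry = agentsLogger;
        this.logger = iLogger;
    }

    /**
     * Adds {@code exp}/{@code nbf} to the given claims and signs them as an ES384 JWT.
     *
     * <p>The supplied {@code jSONObject} is mutated: the two time claims are written into it
     * before signing.
     *
     * @param privateKeyEntry key store entry whose private key signs the token
     * @param jSONObject claims to sign; receives the {@code exp} and {@code nbf} entries
     * @return the compact serialization of the signed JWS
     * @throws JOSEException if the signer cannot be created or signing fails
     */
    @WorkerThread
    private String getJwtInternal(@NonNull KeyStore.PrivateKeyEntry privateKeyEntry, @NonNull JSONObject jSONObject) throws JOSEException {
        // Take one clock reading so both time claims are anchored to the same instant.
        DateTime now = DateTime.now();
        long expiresAtSeconds = now.plus(this.platformConfiguration.getJwtExpirationTime()).getMillis() / 1000;
        // nbf is deliberately back-dated by the configured amount (see getJwtNotBefore()).
        long notBeforeSeconds = now.minus(this.platformConfiguration.getJwtNotBefore()).getMillis() / 1000;
        jSONObject.put("exp", Long.valueOf(expiresAtSeconds));
        jSONObject.put("nbf", Long.valueOf(notBeforeSeconds));

        ECDSASigner signer = new ECDSASigner(privateKeyEntry.getPrivateKey(), Curve.P_384);
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES384).type(JOSEObjectType.JWT).build();
        JWSObject jws = new JWSObject(header, new Payload(jSONObject));
        jws.sign(signer);
        return jws.serialize();
    }

    /**
     * Builds a signed JWT carrying a {@code Nonce} claim and a {@code Certificate} claim.
     *
     * <p>The certificate value comes from {@code CertificateUtils.a(privateKeyEntry)}; its exact
     * encoding is not visible in this file.
     *
     * @param privateKeyEntry key store entry used for signing and as the certificate source
     * @param str nonce value placed in the {@code Nonce} claim
     * @param traceContext parent trace context; a child context is attached to the telemetry activity
     * @return the compact serialization of the signed JWT
     * @throws CryptoException wrapping the {@link JOSEException} when signing fails
     */
    @WorkerThread
    public String a(@NonNull KeyStore.PrivateKeyEntry privateKeyEntry, @NonNull String str, @NonNull TraceContext traceContext) {
        NonceJwtGenerationActivity nonceJwtGenerationActivity = new NonceJwtGenerationActivity();
        TelemetryUtils.populateBaseActivityWithTraceContext(nonceJwtGenerationActivity, traceContext.createChild());
        nonceJwtGenerationActivity.setDim1("ECDSA384");
        this.telemetry.logActivityStart(nonceJwtGenerationActivity);
        try {
            JSONObject claims = new JSONObject();
            claims.put("Nonce", str);
            claims.put("Certificate", CertificateUtils.a(privateKeyEntry));
            String jwtInternal = getJwtInternal(privateKeyEntry, claims);
            this.telemetry.logActivityEnd(nonceJwtGenerationActivity);
            return jwtInternal;
        } catch (JOSEException e2) {
            // Preserve the cause and close the telemetry activity before propagating.
            CryptoException cryptoException = new CryptoException(e2);
            AuthTelemetryUtils.populateActivityExceptionDetails(nonceJwtGenerationActivity, cryptoException);
            this.telemetry.logActivityEndExceptional(TAG, "getNonceJwt", nonceJwtGenerationActivity, cryptoException);
            throw cryptoException;
        }
    }

    /**
     * Builds a signed JWT carrying a {@code Data} claim and an {@code iss} claim.
     *
     * @param privateKeyEntry key store entry whose private key signs the token
     * @param str value placed in the {@code Data} claim
     * @param str2 value placed in the {@code iss} claim
     * @param traceContext parent trace context; a child context is attached to the telemetry activity
     * @return the compact serialization of the signed JWT
     * @throws CryptoException wrapping the {@link JOSEException} when signing fails
     */
    @WorkerThread
    public String b(@NonNull KeyStore.PrivateKeyEntry privateKeyEntry, @NonNull String str, @NonNull String str2, @NonNull TraceContext traceContext) {
        CryptoJwtGenerationActivity cryptoJwtGenerationActivity = new CryptoJwtGenerationActivity();
        TelemetryUtils.populateBaseActivityWithTraceContext(cryptoJwtGenerationActivity, traceContext.createChild());
        cryptoJwtGenerationActivity.setDim1("ECDSA384");
        this.telemetry.logActivityStart(cryptoJwtGenerationActivity);
        try {
            JSONObject claims = new JSONObject();
            claims.put("Data", str);
            claims.put("iss", str2);
            String jwtInternal = getJwtInternal(privateKeyEntry, claims);
            this.telemetry.logActivityEnd(cryptoJwtGenerationActivity);
            return jwtInternal;
        } catch (JOSEException e2) {
            // Preserve the cause and close the telemetry activity before propagating.
            CryptoException cryptoException = new CryptoException(e2);
            AuthTelemetryUtils.populateActivityExceptionDetails(cryptoJwtGenerationActivity, cryptoException);
            this.telemetry.logActivityEndExceptional(TAG, "getSignedJwtWithIssuer", cryptoJwtGenerationActivity, cryptoException);
            throw cryptoException;
        }
    }

    /**
     * Reads the {@code iss} claim from a JWT <strong>without verifying its signature</strong>.
     *
     * <p>The returned value is attacker-controllable until the same token has passed
     * {@link #verifyAndGetDataFromJwt}. Treat it only as a lookup hint (for example, to pick the
     * certificate to verify against), never as an authenticated identity.
     *
     * @param str compact-serialized JWS
     * @param traceContext trace context attached to the remote log entry on failure
     * @return the {@code iss} claim, or {@code null} if the token cannot be parsed, its payload is
     *     not a JSON object, or it has no {@code iss} claim
     */
    @Nullable
    @WorkerThread
    public String getIssFromJwt(@NonNull String str, @NonNull TraceContext traceContext) {
        try {
            JSONObject claims = JWSObject.parse(str).getPayload().toJSONObject();
            // toJSONObject() yields null for a payload that is not a JSON object; report it as a
            // parse failure instead of letting a NullPointerException escape the method.
            if (claims == null) {
                throw new ParseException("jwt payload is not a JSON object", 0);
            }
            String issuer = claims.getAsString("iss");
            if (issuer == null) {
                throw new ParseException("iss not claimed in jwt payload", 0);
            }
            return issuer;
        } catch (ParseException e2) {
            this.logger.logException(TAG, ContentProperties.NO_PII, "GetIssFromJwtException", e2, traceContext, LogDestination.Remote);
            return null;
        }
    }

    /**
     * Verifies a JWT's signature against the given certificate and returns its {@code Data} claim.
     *
     * <p>The payload is released only when the signature check succeeds. A token whose signature
     * does not match is handled like any other verification error: it is logged and {@code null}
     * is returned.
     *
     * <p>NOTE(review): this method does not evaluate the {@code exp}/{@code nbf} claims, and it
     * does not show whether {@code x509Certificate} has been chain-validated or pinned; confirm
     * that callers enforce both. The verifier is also chosen from the token's own header;
     * consider rejecting any algorithm other than the expected one (this class signs with ES384)
     * if all peers are known to use it.
     *
     * @param str compact-serialized JWS
     * @param x509Certificate certificate whose public key must have produced the signature
     * @param traceContext trace context attached to the remote log entry on failure
     * @return the {@code Data} claim of a correctly signed token, or {@code null} when parsing or
     *     verification fails (a verified token without a {@code Data} claim also yields
     *     {@code null})
     */
    @Nullable
    @WorkerThread
    public String verifyAndGetDataFromJwt(@NonNull String str, @NonNull X509Certificate x509Certificate, @NonNull TraceContext traceContext) {
        try {
            JWSObject jws = JWSObject.parse(str);
            // JWSObject.verify() signals a bad signature by returning false, not by throwing.
            // Ignoring that result would hand back the payload of a forged or tampered token.
            boolean signatureValid = jws.verify(new DefaultJWSVerifierFactory().createJWSVerifier(jws.getHeader(), x509Certificate.getPublicKey()));
            if (!signatureValid) {
                throw new JOSEException("JWS signature verification failed");
            }
            JSONObject claims = jws.getPayload().toJSONObject();
            if (claims == null) {
                throw new ParseException("jwt payload is not a JSON object", 0);
            }
            return claims.getAsString("Data");
        } catch (JOSEException | ParseException e2) {
            this.logger.logException(TAG, ContentProperties.NO_PII, "verifyAndGetDataFromJwtException", e2, traceContext, LogDestination.Remote);
            return null;
        }
    }
}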
